CVE-2009-0969

Name of the Vulnerable Software and Affected Versions phpFoX version 1.6.21

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that change the email address via the "act[update]" action in the account/settings/account/index.php file.

Recommendations For phpFoX version 1.6.21, as a temporary workaround, consider restricting access to the account/settings/account/index.php file until a patch is available. Avoid using the "act[update]" action in this file to minimize the risk of exploitation.